github.com/filecoin-project/lotus uses insecure validation. The vulnerability exists due to the system wrongly validating the signature in their other forms even though the methods accepts both in either form.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/filecoin-project/lotus | le | v1.4.1 |